it's rather odd, but for the past few years, only the chinese newspapers have been interested in HITBSecConf's capture the flag. i think sin chiew interviewed me a few years back, now it's nanyang. anyways, i can't read chinese, but i AM pretty sure there were some misinterpretations of what i've said about the game by the reporter. the original news item is here.
i was asked a few questions, some of which i can remember are:
what is the purpose of this game?
to tell my mom that i'm 1337. to provide a legal and fun environment for hackers and security professionals to test their skills against each other. also, to show to the public what hacking is all about. as you can see right now, most of the participants are examining the source code of the vulnerable applications that we provide, which requires skills and knowledge in finding and exploiting vulnerabilities, and not just using available tools. NOTE: "to test their skills against each other" was probably interpreted as "to show off".
how can they defend themselves?
they can deploy an IDS and IPS (intrusion detection and intrusion prevention system), firewall, and proxy to monitor incoming requests to their servers. NOTE: this question is regarding the defensive part of this game.
do you limit the tools that they can use?
nope. they can use whatever tools they want, but bear in mind since the applications are custom made, tools such as nessus have no use. the tools that they can use are debuggers (gdb) for finding vulnerabilities, and an exploit framework (metasploit) to write vulnerabilities.
NOTE: i'm not sure why the reporter kept asking about tools. the tool for any job, as we all know, is this.
who are the participants? which companies are they from?
some of the participants are full-time security professionals and some are students. they are between 18-30 years of age, but most won't reveal which companies they're working for.
that's some of the stuff i remember.